881
|
4.3 |
MEDIUM
Network
|
sap
|
hana-client
|
The SAP HANA Node.js client package, versions from 2.0.0 before 2.21.31, is impacted by a Prototype Pollution vulnerability allowing an attacker to add arbitrary properties to global object prototypes. T…
Update
|
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2024-45277
|
2024-11-15 02:54 |
2024-10-8 |
882
|
5.4 |
MEDIUM
Network
|
wpgrids
|
slicko
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in wpgrids Slicko allows DOM-Based XSS. This issue affects Slicko: from n/a through 1.2.0.
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-51591
|
2024-11-15 02:51 |
2024-11-10 |
883
|
6.5 |
MEDIUM
Network
|
sap
|
businessobjects_business_intelligence
|
SAP BusinessObjects Business Intelligence Platform allows an authenticated user to send a specially crafted request to the Web Intelligence Reporting Server to download any file from the machine host…
Update
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-37179
|
2024-11-15 02:35 |
2024-10-8 |
884
|
- |
|
-
|
-
|
In Streampark (version < 2.1.4), when a user logged in successfully, the backend service would return "Authorization" as the front-end authentication credential. A user can use this credential to requ…
Update
|
-
|
CVE-2024-29120
|
2024-11-15 02:35 |
2024-07-18 |
885
|
- |
|
-
|
-
|
SQL injection vulnerability in the module "Products Alert" (productsalert) before 1.7.4 from Smart Modules for PrestaShop allows attackers to obtain sensitive information and cause other impacts via …
Update
|
-
|
CVE-2024-36683
|
2024-11-15 02:35 |
2024-06-25 |
886
|
- |
|
-
|
-
|
The Business Card WordPress plugin through 1.0.0 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions such as deleting cards via CSRF…
Update
|
-
|
CVE-2024-4532
|
2024-11-15 02:35 |
2024-05-27 |
887
|
- |
|
-
|
-
|
In Jenkins Delphix Plugin 3.0.1, a global option for administrators to enable or disable SSL/TLS certificate validation for Data Control Tower (DCT) connections is disabled by default.
Update
|
-
|
CVE-2024-28161
|
2024-11-15 02:35 |
2024-03-7 |
888
|
6.2 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nft_payload: sanitize offset and length before calling skb_checksum()
If access to offset + length is larger than the …
Update
|
NVD-CWE-noinfo
|
CVE-2024-50251
|
2024-11-15 02:31 |
2024-11-9 |
889
|
8.8 |
HIGH
Network
|
blrt
|
blrt_wp_embed
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Blrt Blrt WP Embed allows SQL Injection. This issue affects Blrt WP Embed: from n/a through 1.6.9.
Update
|
CWE-89
SQL Injection
|
CVE-2024-51606
|
2024-11-15 02:17 |
2024-11-10 |
890
|
5.4 |
MEDIUM
Network
|
sap
|
commerce_backoffice
|
SAP Commerce Backoffice does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. After successful exploitation, an attacker can cause limited impact…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-45278
|
2024-11-15 02:17 |
2024-10-8 |